From: Vladimír Čunát Date: Thu, 23 Nov 2017 07:18:19 +0000 (+0100) Subject: lmdb write fix X-Git-Tag: v2.0.0~6^2~50 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d35541eea343ce41c71fa751d8078c28d74badd;p=thirdparty%2Fknot-resolver.git lmdb write fix Fix incorrectly computed bound, leading to writes beyond the buffer returned by lmdb, resulting in all kinds of weird errors later. --- diff --git a/lib/cache/entry_list.c b/lib/cache/entry_list.c index 96ff81f45..6a68c73e8 100644 --- a/lib/cache/entry_list.c +++ b/lib/cache/entry_list.c @@ -164,7 +164,8 @@ int entry_h_splice( } /* Obtain new storage from cache. - * Note: this does NOT invalidate val_orig_all.data. */ + * Note: this does NOT invalidate val_orig_all.data. + * FIXME: possibly wrong, as transaction may be switched RO->RW */ ssize_t storage_size = val_orig_all.len - val_orig_entry.len + val_new_entry->len; assert(storage_size > 0); @@ -180,12 +181,16 @@ int entry_h_splice( const ssize_t len_before = val_orig_entry.data - val_orig_all.data; assert(len_before >= 0); if (len_before) { + assert(ktype == KNOT_RRTYPE_NS); memcpy(val.data, val_orig_all.data, len_before); } /* Write original data after entry, if any. */ - const ssize_t len_after = val_orig_all.len - val_orig_entry.len; + const ssize_t len_after = val_orig_all.len - len_before - val_orig_entry.len; assert(len_after >= 0); + assert(len_before + val_orig_entry.len + len_after == val_orig_all.len + && len_before + val_new_entry->len + len_after == storage_size); if (len_after) { + assert(ktype == KNOT_RRTYPE_NS); memcpy(val.data + len_before + val_new_entry->len, val_orig_entry.data + val_orig_entry.len, len_after); }
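Review bot: The FIXME added to the comment above `storage_size` says `val_orig_all.data` may not survive an RO->RW transaction switch, yet both memcpy calls in the next hunk still read from `val_orig_all.data` and `val_orig_entry.data` after the new storage has been obtained. If the switch does invalidate the old mapping, those copies would read stale memory and write its contents into the cache entry. Either copy the bytes before and after the entry into a temporary buffer before requesting the new storage, or make the comment state the open risk, e.g. `* FIXME: val_orig_all.data may be stale after an RO->RW switch; copy before requesting storage?`. The storage request itself is outside the hunk, so this is inferred from the comment and the later reads.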
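Review bot: The corrected `len_after` and the new consistency check are enforced only with `assert()`, so a build with NDEBUG goes straight to the two memcpy calls with no bound check at all. Since the commit message describes writes beyond the buffer returned by lmdb, the invariant should also be a runtime guard placed before the first memcpy, for example `if (len_before < 0 || len_after < 0 || len_before + val_new_entry->len + len_after != storage_size) return /* the function's error code */;`. The lengths come from data read back out of the cache, so a corrupted or unexpected entry is a realistic way for the sums to disagree. `entry_h_splice` starts and ends outside the hunk, so its error-return convention and any cleanup needed on that path are not visible here.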